PT-2023-4623 · Moxa · Moxa Tn-4900 Series+1
Published
2023-08-16
·
Updated
2023-08-23
·
CVE-2023-34216
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Moxa TN-4900 Series firmware versions v1.2.4 and prior
Moxa TN-5900 Series firmware versions v3.3 and prior
Description
The issue is related to insufficient input validation in the
key-delete function, which could allow malicious users to delete arbitrary files. This vulnerability may potentially allow remote attackers to create or overwrite arbitrary files in the system.Recommendations
For Moxa TN-4900 Series firmware versions v1.2.4 and prior, consider disabling the
key-delete function until a patch is available.
For Moxa TN-5900 Series firmware versions v3.3 and prior, consider disabling the key-delete function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Tn-4900 Series
Moxa Tn-5900 Series